2 matches found
CVE-2022-35956
The CVE concerns the Rails gem update_by_case, which adds two ActiveRecord::Base methods to update many records in one query using a case statement. The root cause is the use of customized SQL strings in versions prior to 0.1.3, which were not sanitized and allowed SQL injection. Red Hat and othe...
CVE-2022-35956 update_by_case before 0.1.3 vulnerable to sql injection
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 updatebycase gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrad...